My new patent on secure boot using embedded flash

2008-12-17

Yesterday, I got a US patent application granted by the Patent and Trademark Office. The patent bears the title "SYSTEM, DEVICE, AND METHOD OF SELECTIVELY ALLOWING A HOST PROCESSOR TO ACCESS HOST-EXECUTABLE CODE". Essentially, this patent discloses a technology that allows to boot a computing platform into a trusted state using a cryptography-enabled code storage device, without the need for a cryptography-enabled host processor. In other words, the technology allows to securely boot a platform that has a security module that is coupled with the storage medium (e.g., embedded Flash memory) that stores the software, instead of a security module that is coupled with the host processor.

Among other uses, it allows to introduce a “secure boot” feature into a platform by replacing the storage component with a cryptography-enabled one, without having to make other complex hardware changes to the platform.

“Secure boot” is not a new concept. Computing platforms implement it for years, using anything from simple verification code in ROM to a TPM chip. However, planting a feature-rich secure boot mechanism into an existing platform typically requires architectural changes that are expensive to introduce. The disclosed technology allows to obtain this feature by replacing the storage component; often an easier modification that may occasionally occur anyway.

Security requirements emerge and often require changes to existing platforms outside their natural modification cycles. Changes (especially to hardware) cost much. Consequently, security methods are often judged not only by their security properties, but also by the cost of deploying them into existing systems.

The new technology is assigned to, and now owned by, Discretix Technologies Ltd., which also employs some of the other co-inventors involved.